INFSA-2025:1330: openssl security update
Information about definition
Identifier: INFSA-2025:1330
Type: security
Release date: 2025-03-17 13:04:17 UTC
Information about package
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Vulnerabilities description
- CVE-2024-12797
A flaw was found in OpenSSL's RFC 7250 Raw Public Key (RPK) authentication. The TLS/DTLS handshake is not aborted when the server's RPK does not match the expected key, even though the SSL_VERIFY_PEER verification mode is set, which allows man-in-the-middle (MITM) attacks.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-12797 | no information | 7.4 | no information |
Updated packages